You can reset the admin password with Systems Manager by using the RunCommand instance management feature.

You must confirm these prerequisites before you can reset the password for a Windows Server instance using Systems Manager:

The instance must have internet access (for Systems Manager) using a public IP address or NAT, or must use an Amazon Virtual Private Cloud (Amazon VPC) configured for Systems Manager. For more information, see VPC Endpoints.

You must configure Systems Manager for your AWS account, and install the Systems Manager agent on the instance. For more information, see Setting Up Systems Manager.

After you confirm these prerequisites, follow these instructions:

1. Attach this policy to the IAM role associated with the instance in order to write the encrypted password to Parameter Store.

AWSSupport-ResetAccess is a Systems Manager Automation document that automates EC2Rescue offline password reset using AWS CloudFormation and AWS Lambda functions. This includes creating an instance to assist with recovery in your Availability Zone, attaching and detaching EBS volumes, and running the EC2Rescue utility. This method also creates an Amazon VPC for EC2Rescue to use that is isolated from your environment, and creates a backup AMI of the instance.

You can use the AWSSupport-ResetAccess document if:

You lost your EC2 key pair and want to create a password-enabled AMI from your EC2 instance, so you can launch a new instance with an existing key pair.

You lost your local Administrator password and want to generate a new password that you can decrypt with the current EC2 key pair.

1. From the Amazon EC2 console, in the navigation pane expand Systems Manager Services, and then choose Automations.

2. Choose Run Automation.

3. In the Document name section, choose Owned by Me or Amazon.

4. In the document name list, choose AWSSupport-ResetAccess.

5. In the Input parameters section, enter the InstanceID of your EC2 instance.

6. Choose Run automation.

7. Wait until the execution's state changes to Success. Note that this can take up to 25 minutes.

To monitor the execution progress, choose the running automation, then choose the Steps tab.

To view the output of the automation, choose the Descriptions tab, and then choose View output.